OpenID

IAM in PLTFRMS is built on OpenID Connect (OIDC) and uses it as the standard protocol for authentication across both internal systems and customer-facing integrations.

OpenID Connect is the foundation for how users authenticate, how sessions are established, and how identity is shared securely between systems.


OpenID in PLTFRMS

Within PLTFRMS, OpenID Connect is used as the primary mechanism for:

  • User authentication (login flows)
  • Identity token issuance (ID tokens)
  • Session validation across applications
  • Secure delegation of access between services

All authentication flows in IAM are based on OpenID Connect standards, extended with PLTFRMS-specific concepts like organisations and realms.


Customer-owned realms

A key feature of IAM is that customers can create and manage their own Realms.

Each realm acts as an isolated identity environment that includes:

  • Users
  • Groups
  • Roles and permissions
  • Applications and integrations
  • Authentication configuration

Each realm operates independently, allowing full separation between different customers or environments.


Hosted OpenID login

IAM provides a hosted login experience that supports OpenID Connect flows out of the box.

This allows customers to:

  • Use PLTFRMS-managed login pages for their realm
  • Authenticate users without building their own login system
  • Maintain secure and compliant authentication flows
  • Fully control branding and domain configuration (e.g. custom login domains)

The hosted login system issues standard OpenID Connect tokens after successful authentication.


OpenID for customer applications

Customers can use their own realm as a full OpenID Connect identity provider.

This enables:

  • Logging in to customer applications using IAM
  • Single Sign-On (SSO) across systems
  • Integration with third-party services that support OpenID Connect
  • Centralized identity management per customer environment

In this model, IAM acts as a full identity provider (IdP).
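
When a realm is the identity provider, a customer application is the relying party and has to check each ID token's claims itself. The following is an added example, not PLTFRMS code: it applies the standard OpenID Connect ID token claim checks to a token whose signature has already been verified, pinning the issuer to one realm. The issuer URLs, client ID and function names are assumptions made for illustration.

```python
import time

class IDTokenError(Exception):
    """Raised when an ID token's claims fail validation."""

def validate_id_token_claims(claims, *, realm_issuer, client_id, nonce,
                             now=None, skew=60):
    """Check claims of an ID token whose signature has ALREADY been verified
    against the realm's published keys. Returns the subject on success."""
    now = time.time() if now is None else now
    # Exact string match pins the token to one realm; a token from any
    # other realm carries a different issuer and is rejected here.
    if claims.get("iss") != realm_issuer:
        raise IDTokenError("issuer does not match this application's realm")
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    if client_id not in audiences:
        raise IDTokenError("token was not issued to this client")
    # With several audiences, azp must name this client as the authorized party.
    if len(audiences) > 1 and claims.get("azp") != client_id:
        raise IDTokenError("multiple audiences but azp is not this client")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp + skew:
        raise IDTokenError("token is expired or has no exp")
    iat = claims.get("iat")
    if not isinstance(iat, (int, float)) or iat > now + skew:
        raise IDTokenError("iat is missing or in the future")
    # The nonce ties the token to the login request this session started.
    if not nonce or claims.get("nonce") != nonce:
        raise IDTokenError("nonce does not match the login request")
    if not claims.get("sub"):
        raise IDTokenError("missing subject")
    return claims["sub"]

# Constructed sample data; issuer URLs are placeholders, not PLTFRMS's format.
REALM_A = "https://login.example.test/realms/realm-a"
REALM_B = "https://login.example.test/realms/realm-b"
NOW = 1_700_000_000
GOOD = {"iss": REALM_A, "aud": "app-1", "sub": "user-42",
        "exp": NOW + 300, "iat": NOW - 5, "nonce": "n-abc"}

def check(claims):
    """Return the subject, or the rejection reason as a string."""
    try:
        return validate_id_token_claims(claims, realm_issuer=REALM_A,
                                        client_id="app-1", nonce="n-abc", now=NOW)
    except IDTokenError as err:
        return f"rejected: {err}"
```

The expected issuer should come from the application's own configuration for its realm, never from the token being validated.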


Standards with platform extensions

While IAM strictly follows OpenID Connect specifications, it extends them with platform concepts such as:

  • Realms (tenant-level identity isolation)
  • Organisations (access and business context layer)
  • Roles and groups (fine-grained authorization)

These extensions allow PLTFRMS to support complex multi-tenant identity structures while remaining standards-compliant.


Why OpenID matters

OpenID Connect is the backbone of IAM because it ensures:

  • Secure and standardized authentication flows
  • Compatibility with external identity-aware systems
  • Full support for customer-owned identity environments
  • Scalable multi-tenant authentication through realms

It enables IAM to function both as a platform identity system and a customer-facing identity product.